Hi George, > Am 20.11.2018 um 22:15 schrieb George Fletcher <[email protected]>: > > OIDC provides a "prompt=none" mechanism that allows the browser app to > request a new token in a hidden iframe. OAuth2 doesn't describe this flow. > Note that full authentications of users should NOT happen in iframes due to > click-jacking attacks.
Does this still work reliably given the limitations imposed by the browserâs 3rd party cookie policies? kind regards, Torsten.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
